Posted by: Robert Westervelt
Android malware, mobile malware, smartphone attacks
The Android applications contained a hidden Trojan called DroidDream that attempted to gain root access to the smartphone to view sensitive data and download additional malware.
Google pulled at least 21 free applications from its Android Market late Tuesday after software developers found hidden malware aimed at gaining access to sensitive data.
The free applications included a variety of games and were removed after bloggers questioned hidden malcode in them that attempted to gain root access to the user’s smartphone. Google removed the apps and references to their publisher, Myournet, within minutes of being informed of the problem.
According to Aaron Gingrich, who writes for the Android Police blog, the apps contained a variety of hidden features, including the ability to contact a remote server to download more malware.
“I asked our resident hacker to take a look at the code himself, and he’s verified it does indeed root the user’s device,” Gingrich wrote.
“But that’s just the tip of the iceberg: it does more than just yank IMEI and IMSI. There’s another APK hidden inside the code, and it steals nearly everything it can: product ID, model, partner (provider?), language, country, and userID. But that’s all child’s play; the true pièce de résistance is that it has the ability to download more code. In other words, there’s no way to know what the app does after it’s installed, and the possibilities are nearly endless.”
The malware has been analyzed by mobile malware researchers at Lookout Inc. Called DroidDream, the malware has been discovered in more than 50 applications in the official Android Market. In an update on the Lookout blog, the company said Google is actively working on the issue. The Lookout DroidDream blog post also lists all the affected applications.
We originally reported that Google removed the apps from devices, but we recently learned that the remote removal system has not yet been engaged for these applications because they are under active investigation.
Until now, malware has been surfacing in apps on third-party Android app repositories. Google and Apple have removed Android and iPhone apps in the past for failing to comply with certain standards. While both mobile giants check apps for software quality and interaction with the smartphone OS, experts point out that they do not closely scrutinize applications for hidden malicious code and other security issues.